概述
SecurityFilterAutoConfiguration的作用是自动配置一个DelegatingFilterProxyRegistrationBean,这个bean通过name找到SecurityAutoConfiguration中往spring容器中添加名称为springSecurityFilterChain的过滤器并进行代理,最终将这个springSecurityFilterChain添加到ServletContext。
SecurityFilterAutoConfiguration
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
| @Configuration @ConditionalOnWebApplication(type = Type.SERVLET) @EnableConfigurationProperties(SecurityProperties.class) @ConditionalOnClass({ AbstractSecurityWebApplicationInitializer.class, SessionCreationPolicy.class }) @AutoConfigureAfter(SecurityAutoConfiguration.class) public class SecurityFilterAutoConfiguration { private static final String DEFAULT_FILTER_NAME = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME; @Bean @ConditionalOnBean(name = DEFAULT_FILTER_NAME) public DelegatingFilterProxyRegistrationBean securityFilterChainRegistration( SecurityProperties securityProperties) { DelegatingFilterProxyRegistrationBean registration = new DelegatingFilterProxyRegistrationBean( DEFAULT_FILTER_NAME); registration.setOrder(securityProperties.getFilter().getOrder()); registration.setDispatcherTypes(getDispatcherTypes(securityProperties)); return registration; }
private EnumSet<DispatcherType> getDispatcherTypes(SecurityProperties securityProperties) { if (securityProperties.getFilter().getDispatcherTypes() == null) { return null; } return securityProperties.getFilter().getDispatcherTypes().stream() .map((type) -> DispatcherType.valueOf(type.name())) .collect(Collectors.collectingAndThen(Collectors.toSet(), EnumSet::copyOf)); }
}
|
- 在SecurityAutoConfiguration配置完成之后再进行配置,SecurityAutoConfiguration中进行了很多基本配置,其中名称为springSecurityFilterChain的bean就是在其中配置的
- 将DelegatingFilterProxyRegistrationBean注册到spring容器中,它代理的过滤器就是springSecurityFilterChain,最终在应用启动时,会将它代理的过滤器注册到ServletContext中
总结
SecurityFilterAutoConfiguration将DelegatingFilterProxyRegistrationBean注册到spring容器中,委托它找到spring容器中name为springSecurityFilterChain的过滤器,在应用启动时将该过滤器添加到ServletContext中。